1 /* 2 * Authorization definitions for the CUPS scheduler. 3 * 4 * Copyright 2007-2014 by Apple Inc. 5 * Copyright 1997-2006 by Easy Software Products, all rights reserved. 6 * 7 * Licensed under Apache License v2.0. See the file "LICENSE" for more information. 8 */ 9 10 /* 11 * Include necessary headers... 12 */ 13 14 #include <pwd.h> 15 16 17 /* 18 * HTTP authorization types and levels... 19 */ 20 21 #define CUPSD_AUTH_DEFAULT -1 /* Use DefaultAuthType */ 22 #define CUPSD_AUTH_NONE 0 /* No authentication */ 23 #define CUPSD_AUTH_BASIC 1 /* Basic authentication */ 24 #define CUPSD_AUTH_NEGOTIATE 2 /* Kerberos authentication */ 25 #define CUPSD_AUTH_AUTO 3 /* Kerberos or Basic, depending on configuration of server */ 26 27 #define CUPSD_AUTH_ANON 0 /* Anonymous access */ 28 #define CUPSD_AUTH_USER 1 /* Must have a valid username/password */ 29 #define CUPSD_AUTH_GROUP 2 /* Must also be in a named group */ 30 31 #define CUPSD_AUTH_ALLOW 0 /* Allow access */ 32 #define CUPSD_AUTH_DENY 1 /* Deny access */ 33 34 #define CUPSD_AUTH_NAME 0 /* Authorize host by name */ 35 #define CUPSD_AUTH_IP 1 /* Authorize host by IP */ 36 #define CUPSD_AUTH_INTERFACE 2 /* Authorize host by interface */ 37 38 #define CUPSD_AUTH_SATISFY_ALL 0 /* Satisfy both address and auth */ 39 #define CUPSD_AUTH_SATISFY_ANY 1 /* Satisfy either address or auth */ 40 41 #define CUPSD_AUTH_LIMIT_DELETE 1 /* Limit DELETE requests */ 42 #define CUPSD_AUTH_LIMIT_GET 2 /* Limit GET requests */ 43 #define CUPSD_AUTH_LIMIT_HEAD 4 /* Limit HEAD requests */ 44 #define CUPSD_AUTH_LIMIT_OPTIONS 8 /* Limit OPTIONS requests */ 45 #define CUPSD_AUTH_LIMIT_POST 16 /* Limit POST requests */ 46 #define CUPSD_AUTH_LIMIT_PUT 32 /* Limit PUT requests */ 47 #define CUPSD_AUTH_LIMIT_TRACE 64 /* Limit TRACE requests */ 48 #define CUPSD_AUTH_LIMIT_ALL 127 /* Limit all requests */ 49 #define CUPSD_AUTH_LIMIT_IPP 128 /* Limit IPP requests */ 50 51 #define IPP_ANY_OPERATION (ipp_op_t)0 52 /* Any IPP operation */ 53 #define IPP_BAD_OPERATION (ipp_op_t)-1 54 /* No IPP operation */ 55 56 57 /* 58 * HTTP access control structures... 59 */ 60 61 typedef struct 62 { 63 unsigned address[4], /* IP address */ 64 netmask[4]; /* IP netmask */ 65 } cupsd_ipmask_t; 66 67 typedef struct 68 { 69 size_t length; /* Length of name */ 70 char *name; /* Name string */ 71 } cupsd_namemask_t; 72 73 typedef struct 74 { 75 int type; /* Mask type */ 76 union 77 { 78 cupsd_namemask_t name; /* Host/Domain name */ 79 cupsd_ipmask_t ip; /* IP address/network */ 80 } mask; /* Mask data */ 81 } cupsd_authmask_t; 82 83 typedef struct 84 { 85 char *location; /* Location of resource */ 86 size_t length; /* Length of location string */ 87 ipp_op_t op; /* IPP operation */ 88 int limit, /* Limit for these types of requests */ 89 order_type, /* Allow or Deny */ 90 type, /* Type of authentication */ 91 level, /* Access level required */ 92 satisfy; /* Satisfy any or all limits? */ 93 cups_array_t *names, /* User or group names */ 94 *allow, /* Allow lines */ 95 *deny; /* Deny lines */ 96 http_encryption_t encryption; /* To encrypt or not to encrypt... */ 97 } cupsd_location_t; 98 99 typedef struct cupsd_client_s cupsd_client_t; 100 101 102 /* 103 * Globals... 104 */ 105 106 VAR cups_array_t *Locations VALUE(NULL); 107 /* Authorization locations */ 108 #ifdef HAVE_SSL 109 VAR http_encryption_t DefaultEncryption VALUE(HTTP_ENCRYPT_REQUIRED); 110 /* Default encryption for authentication */ 111 #endif /* HAVE_SSL */ 112 113 114 /* 115 * Prototypes... 116 */ 117 118 extern int cupsdAddIPMask(cups_array_t **masks, 119 const unsigned address[4], 120 const unsigned netmask[4]); 121 extern void cupsdAddLocation(cupsd_location_t *loc); 122 extern void cupsdAddName(cupsd_location_t *loc, char *name); 123 extern int cupsdAddNameMask(cups_array_t **masks, char *name); 124 extern void cupsdAuthorize(cupsd_client_t *con); 125 extern int cupsdCheckAccess(unsigned ip[4], const char *name, size_t namelen, cupsd_location_t *loc); 126 extern int cupsdCheckAuth(unsigned ip[4], const char *name, size_t namelen, cups_array_t *masks); 127 extern int cupsdCheckGroup(const char *username, 128 struct passwd *user, 129 const char *groupname); 130 extern cupsd_location_t *cupsdCopyLocation(cupsd_location_t *loc); 131 extern void cupsdDeleteAllLocations(void); 132 extern cupsd_location_t *cupsdFindBest(const char *path, http_state_t state); 133 extern cupsd_location_t *cupsdFindLocation(const char *location); 134 extern void cupsdFreeLocation(cupsd_location_t *loc); 135 extern http_status_t cupsdIsAuthorized(cupsd_client_t *con, const char *owner); 136 extern cupsd_location_t *cupsdNewLocation(const char *location); 137